
from datetime import datetime
from werkzeug.security import generate_password_hash, check_password_hash
from apps import db

# ==================== 数据模型定义 ====================
class AuditUsers(db.Model):
    __tablename__ = 'audit_users'
    user_id = db.Column(db.String(100), primary_key=True)
    name = db.Column(db.String(100), nullable=False)
    role = db.Column(db.String(50), nullable=False)
    password_hash = db.Column(db.String(128), nullable=False)
    is_active = db.Column(db.Boolean, default=True)
    created_at = db.Column(db.DateTime, default=lambda: datetime.now())
    public_key = db.Column(db.Text)  # 存储用户的公钥PEM格式
    
    # 关系
    records_created = db.relationship('ElectronicRecord', backref='creator', lazy=True)
    signatures = db.relationship('ElectronicSignature', backref='signer', lazy=True)
    audit_logs = db.relationship('AuditLog', backref='user', lazy=True)
    private_keys = db.relationship('UserPrivateKey', backref='user', lazy=True)
    
    def set_password(self, password):
        self.password_hash = generate_password_hash(password)
    
    def check_password(self, password):
        return check_password_hash(self.password_hash, password)
    
    def to_dict(self):
        return {c.name: getattr(self, c.name) for c in self.__table__.columns}

class UserPrivateKey(db.Model):
    __tablename__ = 'user_private_keys'
    
    key_id = db.Column(db.Integer, primary_key=True)
    user_id = db.Column(db.String(50), db.ForeignKey('audit_users.user_id'), nullable=False)
    private_key_pem = db.Column(db.Text, nullable=False)  # 加密存储的私钥
    is_active = db.Column(db.Boolean, default=True)
    created_at = db.Column(db.DateTime, default=lambda: datetime.now())
    expires_at = db.Column(db.DateTime)
    
    def to_dict(self):
        return {c.name: getattr(self, c.name) for c in self.__table__.columns}

class AuditLog(db.Model):
    __tablename__ = 'audit_log'
    
    log_id = db.Column(db.Integer, primary_key=True)
    event_type = db.Column(db.String(50), nullable=False)
    user_id = db.Column(db.String(50), db.ForeignKey('audit_users.user_id'))
    description = db.Column(db.Text)
    timestamp = db.Column(db.DateTime, default=lambda: datetime.now())
    ip_address = db.Column(db.String(50))  # 记录操作IP
        
    def to_dict(self):
        return {c.name: getattr(self, c.name) for c in self.__table__.columns}

class ElectronicRecord(db.Model):
    __tablename__ = 'electronic_records'
    
    record_id = db.Column(db.String(2048), primary_key=True)
    record_type = db.Column(db.String(50), nullable=False)
    content = db.Column(db.Text, nullable=False)
    content_hash = db.Column(db.String(64), nullable=False)  # SHA-256哈希
    created_by = db.Column(db.String(50), db.ForeignKey('audit_users.user_id'), nullable=False)
    created_at = db.Column(db.DateTime, default=lambda: datetime.now())
    
    # 关系
    signatures = db.relationship('ElectronicSignature', backref='record', lazy=True)
    
    def to_dict(self):
        return {c.name: getattr(self, c.name) for c in self.__table__.columns}

class ElectronicSignature(db.Model):
    __tablename__ = 'electronic_signatures'
    
    signature_id = db.Column(db.Integer, primary_key=True)
    record_id = db.Column(db.String(50), db.ForeignKey('electronic_records.record_id'), nullable=False)
    user_id = db.Column(db.String(50), db.ForeignKey('audit_users.user_id'), nullable=False)
    signature_data = db.Column(db.Text, nullable=False)  # Base64编码的签名
    signing_purpose = db.Column(db.String(100), nullable=False)
    timestamp = db.Column(db.DateTime, default=lambda: datetime.now())
    signature_algorithm = db.Column(db.String(50), nullable=False)  # 如RSA-PSS-SHA256
    certificate_info = db.Column(db.Text)  # 证书信息(如有)
    
    def to_dict(self):
        return {c.name: getattr(self, c.name) for c in self.__table__.columns}